Commit 3cbadc14 authored by Chris Wright's avatar Chris Wright Committed by Linus Torvalds

[PATCH] configurable SELinux bootparam value

Add configure option for setting default SELinux bootparam value.  Ack'd by
James Morris.
Signed-off-by: default avatarChris Wright <chrisw@osdl.org>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent b0ae09ac
...@@ -24,6 +24,21 @@ config SECURITY_SELINUX_BOOTPARAM ...@@ -24,6 +24,21 @@ config SECURITY_SELINUX_BOOTPARAM
If you are unsure how to answer this question, answer N. If you are unsure how to answer this question, answer N.
config SECURITY_SELINUX_BOOTPARAM_VALUE
int "NSA SELinux boot parameter default value"
depends on SECURITY_SELINUX_BOOTPARAM
range 0 1
default 1
help
This option sets the default value for the kernel parameter
'selinux', which allows SELinux to be disabled at boot. If this
option is set to 0 (zero), the SELinux kernel parameter will
default to 0, disabling SELinux at bootup. If this option is
set to 1 (one), the SELinux kernel paramater will default to 1,
enabling SELinux at bootup.
If you are unsure how to answer this question, answer 1.
config SECURITY_SELINUX_DISABLE config SECURITY_SELINUX_DISABLE
bool "NSA SELinux runtime disable" bool "NSA SELinux runtime disable"
depends on SECURITY_SELINUX depends on SECURITY_SELINUX
......
...@@ -87,7 +87,7 @@ __setup("enforcing=", enforcing_setup); ...@@ -87,7 +87,7 @@ __setup("enforcing=", enforcing_setup);
#endif #endif
#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
int selinux_enabled = 1; int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
static int __init selinux_enabled_setup(char *str) static int __init selinux_enabled_setup(char *str)
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment